In a stark reminder of the persistent dangers in crypto trading, prominent trader and X personality Unihax0r (@0xUnihax0r) has been drained of more than $200,000 across Ethereum, Base, and BSC chains in what appears to be a sophisticated private key compromise. The attack occurred early this morning (around 00:37–00:56 UTC), leaving the trader visibly shaken. Unihax0r posted on X: “Just got drained or hacked for more than 200k. Sick to my stomach,” while sharing the attacker’s wallet address and appealing to the community for help tracing the funds.
Details of the Attack
On-chain investigators describe the drain as manual and methodical, executed over a roughly 10–30 minute window. The attacker gained full signing control over two wallets, allowing direct transactions without relying on malicious approvals or smart contract exploits.
Major losses included:
- Approximately $125,000 in $POD tokens on Base
- $21,000 in $FHE on BSC
- Additional ETH and smaller positions (including $SAT1)
The attacker even dusted the Ethereum wallet with a small amount of ETH to sweep remaining token balances — a sign of an experienced operator.
SIGMA Telegram Bot Under Scrutiny
Both compromised wallets were originally generated or imported via the SIGMA Telegram trading bot, then later imported into GMGN (another Telegram bot) and Rabby Wallet. Wallets not connected through this SIGMA workflow reportedly remained untouched.This has put intense focus on the security of Telegram-based trading bots, which thousands of traders use daily for speed and convenience across multiple chains. Suspected attack vectors include phishing via fake CAPTCHA bots in Telegram, malware, infostealer infections, or compromised sessions. Unihax0r reported no suspicious Telegram logins.
Community Reaction and Advice
The incident has sparked widespread discussion on X, with many expressing sympathy while others used it as a cautionary tale about the risks of hot wallets and Telegram bots. Key security reminders emerging from the incident:
- Never store large amounts in wallets used for active trading
- Consider hardware wallets for significant holdings
- Be extremely cautious with Telegram bots and browser extensions
- Use fresh wallets for high-value positions
- Regularly monitor connected sessions and approvals
Funds have been moved to attacker-controlled addresses (starting with 0xF7cFFC27732a5C9c4E2D592F3E33435F8dDb019A), and recovery prospects are considered low as mixing attempts may already be underway.
About The Author
